[Update: 3 comments] FireEye’s announcement of their discovery of a breach is all over the news. The Reuters article quotes a ‘Western security official’ as saying “Plenty of similar companies have also been popped like this.” I have two comments. First, it’s easy for anyone to label attackers “sophisticated.” FireEye certainly has more data and…

Read More Fireeye Hack & Culture

As we launched the threat modeling manifesto, we ran into some trouble with TLS. Some of you even reported those troubles, by saying “it’s not working.” Thanks. That’s so helpful. Sarcasm aside, there’s a basic form to a helpful bug report: “I did A, and observed B.” If you want to make it really useful,…

Read More It’s Not Working!

There’s a threat modeling manifesto being released today by a diverse set of experts and advocates for threat modeling. We consciously modeled it after the agile manifesto, and it’s focused on values and principles. Also, there’s a podcast that gives you a chance to listen behind the scenes, at The Threat Modeling Manifesto – Part 1.

Read More A Threat Modeling Manifesto

Before the election, I wrote about legitimacy. In that, I said “The second function of democracy is to convince everyone that it produces legitimate and correct choices.” There are two important things worth watching. First, President Trump is attempting to cast doubt on an election in which he was thoroughly rejected by voters. Second, we…

Read More On Legitimacy (After the Election)